msm1267 writes: For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL clients, including OpenSSL, will accept weak RSA keys–known as export-grade keys–without asking for those keys. Export-grade refers to 512-bit RSA keys, the key strength that was approved by the United States government for export overseas. This was an artifact from decades ago and it was thought that most servers and clients had long ago abandoned such weak ciphers. The vulnerability affects a variety of clients, most notably Apple's Safari browser.

HughPickens.com writes: The Globe and Mail reports that Edward Snowden's Russian lawyer, Anatoly Kucherena, says the fugitive former U.S. spy agency contractor is working with American and German lawyers to return home. "I won't keep it secret that he wants to return back home. And we are doing everything possible now to solve this issue. There is a group of U.S. lawyers, there is also a group of German lawyers and I'm dealing with it on the Russian side." Kucherena added that Snowden is ready to return to the States, but on the condition that he is given a guarantee of a legal and impartial trial. The lawyer said Snowden had so far only received a guarantee from the U.S. Attorney General that he will not face the death penalty. Kucherena says Snowden is able to travel outside Russia since he has a three-year Russian residency permit, but "I suspect that as soon as he leaves Russia, he will be taken to the U.S. embassy."

Sparrowvsrevolution writes A new Wired magazine story goes inside the North Korean rebel movement seeking to overthrow Kim Jong-un by smuggling USB drives into the country packed with foreign television and movies. As the story describes, one group has stashed USB drives in Chinese cargo trucks. Another has passed them over from tourist boats that meet with fishermen mid-river. Others arrange USB handoffs at the Chinese border in the middle of the night with walkie talkies, laser pointers, and bountiful bribes. Even Kim assassination comedy The Interview, which the North Korean government allegedly hacked Sony to prevent from being released, has made it into the country: Chinese traders' trucks carried 20 copies of the film across the border the day after Christmas, just two days after its online release.

HughPickens.com writes: The NY Times reports that Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, according to State Department officials. She may have violated federal requirements that officials' correspondence be retained as part of the agency's record. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act. "It is very difficult to conceive of a scenario — short of nuclear winter — where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business," said attorney Jason R. Baron. A spokesman for Clinton defended her use of the personal email account and said she has been complying with the "letter and spirit of the rules."

Lasrick writes The Bulletin of the Atomic Scientists has just launched a very cool interactive graphic to go with their famed Nuclear Notebook, the feature that tracks the world's nuclear arsenals. Now you can see at a glance who has nuclear weapons, when they got them, and how those numbers compare to each other. A short introductory video gives some background on the success of the Notebook, which has been tracking nukes since 1987.

An anonymous reader writes Last fall, Daniel Therrien, the government's newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information. Michael Geist now reports that a secret internal memo reveals the situation was far worse, with auditors finding the records from Canada's lead law enforcement agency were unusable since they were "inaccurate and incomplete."

"The work on the exchange was complete by February 2014, but going live with the website and providing a means for all Oregonians to sign up for health insurance coverage didn't match the former-Governor's re-election strategy to 'go after' Oracle," Oracle spokeswoman Deborah Hellinger said in a statement.

New submitter seoras sends news that PayPal is now refusing to handle payments for Mega, Kim Dotcom's cloud storage service. A report (PDF) issued in September of last year claimed Mega and other "cyberlocker" sites made a great deal of illicit money off piracy. Mega disputes this, of course, and says the report caused U.S. Senator Patrick Leahy to pressure credit card companies to stop working with Mega. Those companies then pressured PayPal to stop as well. The hosting company claims, "MEGA provided extensive statistics and other evidence showing that MEGA’s business is legitimate and legally compliant. After discussions that appeared to satisfy PayPal’s queries, MEGA authorised PayPal to share that material with Visa and MasterCard. Eventually PayPal made a non-negotiable decision to immediately terminate services to MEGA."

schwit1 sends this report from the National Journal:
A federal court has again renewed an order allowing the National Security Agency to continue its bulk collection of Americans' phone records, a decision that comes more than a year after President Obama pledged to end the controversial program. The Foreign Intelligence Surveillance Court approved this week a government request to keep the NSA's mass surveillance of U.S. phone metadata operating until June 1, coinciding with when the legal authority for the program is set to expire in Congress. The extension is the fifth of its kind since Obama said he would effectively end the Snowden-exposed program as it currently exists during a major policy speech in January 2014. Obama and senior administration officials have repeatedly insisted that they will not act alone to end the program without Congress.

An anonymous reader writes The BlackPhone, a $600-plus encrypted Android handset designed to keep the prying eyes of criminals and the government out of mobile communications, is now fully owned by Silent Circle thanks to the company raking in investment cash. Terms of the buyout deal with Spanish smartphone maker Geeksphone, the phone's hardware manufacturer, were not disclosed. Silent Circle said Thursday that it has raised $50 million and plans on showing off an encrypted 'enterprise privacy ecosystem' at World Mobile Congress next week. A BlackPhone tablet is on the way, too.

sciencehabit writes: A drug the U.S. government once branded "extremely dangerous and not fit for human consumption" deserves a second chance, a study of rats suggests. Researchers report (abstract) that a slow-release version of the compound reverses diabetes and nonalcoholic fatty liver disease (NAFLD), an untreatable condition that can lead to cirrhosis and liver cancer.

muggs sends word that the U.S. Federal Communications Commission has voted 3-2 to approve an expansion of their ability to regulate ISPs by treating them as a public utility.
Under the rules, it will be illegal for companies such as Verizon or Cox Communications to slow down streaming videos, games and other online content traveling over their networks. They also will be prohibited from establishing "fast lanes" that speed up access to Web sites that pay an extra fee. And in an unprecedented move, the FCC could apply the rules to wireless carriers such as T-Mobile and Sprint -- a nod to the rapid rise of smartphones and the mobile Internet. ... The FCC opted to regulate the industry with the most aggressive rules possible: Title II of the Communications Act, which was written to regulate phone companies. The rules waive a number of provisions in the act, including parts of the law that empower the FCC to set retail prices — something Internet providers feared above all. However, the rules give the FCC a variety of new powers, including the ability to: enforce consumer privacy rules; extract money from Internet providers to help subsidize services for rural Americans, educators and the poor; and make sure services such as Google Fiber can build new broadband pipes more easily.

An anonymous reader writes: Bruce Schneier has written another insightful piece about how modern tech companies treat security. He points out that most organizations will tell you to secure your data while at the same time asking to be exempt from that security. Google and Facebook want your data to be safe — on their servers so they can analyze it. The government wants you to encrypt your communications — as long as they have the keys. Schneier says, "... we give lots of companies access to our data because it makes our lives easier. ... The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. ... We want our data to be secure, but we want someone to be able to recover it all when we forget our password. We'll never solve these security problems as long as we're our own worst enemy."

HughPickens.com writes: John Schwartz reports at the NY Times that prominent members of the U.S. House of Representatives and the Senate are demanding information from universities, companies and trade groups about funding for scientists who publicly dispute widely held views on the causes and risks of climate change. In letters sent to seven universities, Representative Raúl M. Grijalva, an Arizona Democrat who is the ranking member of the House committee on natural resources, sent detailed requests to the academic employers of scientists who had testified before Congress about climate change. "My colleagues and I cannot perform our duties if research or testimony provided to us is influenced by undisclosed financial relationships." Grijalva asked for each university's policies on financial disclosure and the amount and sources of outside funding for each scholar, "communications regarding the funding" and "all drafts" of testimony. Meanwhile Edward J. Markey of Massachusetts, Barbara Boxer of California and Sheldon Whitehouse of Rhode Island sent 100 letters to fossil fuel companies, trade groups and other organizations asking about their funding of climate research and advocacy asking for responses by April 3. "Corporate special interests shouldn't be able to secretly peddle the best junk science money can buy," said Senator Markey, denouncing what he called "denial-for-hire operations."

The letters come after evidence emerged over the weekend that Wei-Hock Soon, known as Willie, a scientist at the Harvard-Smithsonian Center for Astrophysics, had failed to disclose the industry funding for his academic work. The documents also included correspondence between Dr. Soon and the companies who funded his work in which he referred to his papers and testimony as "deliverables." Soon accepted more than $1.2 million in money from the fossil-fuel industry over the last decade while failing to disclose that conflict of interest in most of his scientific papers. At least 11 papers he has published since 2008 omitted such a disclosure, and in at least eight of those cases, he appears to have violated ethical guidelines of the journals that published his work. "What it shows is the continuation of a long-term campaign by specific fossil-fuel companies and interests to undermine the scientific consensus on climate change," says Kert Davies.

mpicpp sends this report from CNN:
They are sleek, mostly silent converted weapons of war: Drones used by the Border Patrol to scan the skies in the empty deserts of the Southwest to spot illegal immigrants and then, if things work out, have agents arrest them. That's the idea, and the agents who use them say the drones give them a vantage point they never had before. Flying at 18,000 feet, the drones view the landscape below, lock onto potential suspects crossing the Arizona desert, and agents on the ground move in to make the arrests. But it's outrageously expensive: $28,000 for a single arrest.

An anonymous reader writes A division of the U.S. government's Intelligence Advanced Research Projects Activity (IARPA) unit is inviting proposals from cybersecurity professionals and academics with a five-year view to creating a computer system capable of anticipating cyber-terrorist acts, based on publicly-available Big Data analysis. IBM is tentatively involved in the project, named CAUSE (Cyber-attack Automated Unconventional Sensor Environment), but many of its technologies are already part of the offerings from other interested organizations. Participants will not have access to NSA-intercepted data, but most of the bidding companies are already involved in analyses of public sources such as data on social networks. One company, Battelle, has included the offer to develop a technique for de-anonymizing Bitcoin transactions (pdf) as part of CAUSE's security-gathering activities.

HughPickens.com writes Every year at least two million people are infected with bacteria that can't be wiped out with antibiotics but the number of F.D.A.-approved antibiotics has decreased steadily in the past two decades. Now Ezekiel J. Emanuel writes at the NYT that the problem with the development of new antibiotics is profitability. "There's no profit in it, and therefore the research has dried up, but meanwhile bacterial resistance has increased inexorably and there's still a lot of inappropriate use of antibiotics out there," says Ken Harvey. Unlike drugs for cholesterol or high blood pressure, or insulin for diabetes, which are taken every day for life, antibiotics tend to be given for a short time so profits have to be made on brief usage. "Even though antibiotics are lifesaving, they do not command a premium price in the marketplace," says Emanuel. "As a society we seem willing to pay $100,000 or more for cancer drugs that cure no one and at best add weeks or a few months to life. We are willing to pay tens of thousands of dollars for knee surgery that, at best, improves function but is not lifesaving. So why won't we pay $10,000 for a lifesaving antibiotic?"

Emanuel says that we need to use prize money as an incentive. "What if the United States government — maybe in cooperation with the European Union and Japan — offered a $2 billion prize to the first five companies or academic centers that develop and get regulatory approval for a new class of antibiotics?" Because it costs at least $1 billion to develop a new drug, the prize money could provide a 100 percent return — even before sales. "From the government perspective, such a prize would be highly efficient: no payment for research that fizzles. Researchers win only with an approved product. Even if they generated just one new antibiotic class per year, the $2-billion-per-year payment would be a reasonable investment for a problem that costs the health care system $20 billion per year." Unless payers and governments are willing to provide favorable pricing for such a drug, the big companies are going to focus their R&D investments in areas like cancer, depression, and heart disease where the return-on-investments are much higher.
